Social engineers need to utilize many tools to accomplish their goals. Today we will discuss operant conditioning. Many of us probably learned about Ivan Pavlov’s dogs and his pioneering classical conditioning in high school. In short, Pavlov studied the involuntary salivation of dogs that occurs when pooches think they might be getting food. If you have a dog, you know what that looks like. The study of classical conditioning is centered around eliciting INVOLUNTARY responses in organisms.
Classical conditioning is often confused with operant conditioning and, although they are similar, they are different and offer different benefits. Operant conditioning centers around the elicitation of VOLUNTARY responses such as directing people to buy a certain product or make other choices an agent finds desirable. As social engineers, it is important to understand the distinctions between these two types of conditioning. Of course, there are both positive and negative portions of this. In this blog, we will only explore the utility of creating a positive effect in targets.
Operant Conditioning in Marketing
Consider the Snuggle Bear mascot, created to help sell Snuggle fabric softener. The bear is very pleasant and cute by many people’s standards. He is also soft like the teddies of our youth. In the TV advertisement, we get acquainted with the bear and his appeal before heading to the store and seeing the same bear on the boxes and bottles of Snuggle products. Everything about the bear, from the voice to the appearance, indicates softness.
Kia’s “Hamstars” is another example of operant conditioning being utilized in marketing. As hip-hop culture perpetually gains momentum in America, especially among youth, it makes sense to tailor ads in this manner. Touting the perils of being conventional, the mascots rap about being different and blazing a trail. Kia has not only marketed the hamsters’ likeability to sell cars (as well as a special edition “Hamstar” models, there is also a clothing line.
The Society for the Protection of Cruelty to Animals’ recent marketing video illustrating that dogs can be taught to “drive” cars is another example of operant conditioning across species. If the dogs can exhibit their intelligence after being taught through conditioning, then perhaps humans will also be conditioned to opening up more to the idea of adopting a dog. Operant conditioning shapes the dog’s behavior, which is certainly not instinctive (driving a car), and the SPCA hopes it will influence our own behavior (adopting rather than buying a puppy from a breeder, etc) since many people look for a very young dog without a potentially troublesome history and minimal contact with other people.
What You Can Do
Begin to look for positive conditioning on your TV and listen for it on your radio. Be aware of it in your conversations with others and make connections between what you are taking in and what others want you to do based on the information you are receiving. In the realm of social engineering, this awareness can be the difference between making your own decisions or the illusion of making your own decisions. Clearly, there is nothing wrong with adopting a dog from a shelter or driving a Kia, just understand why you are doing it. Awareness is the key.
Include this in your security awareness training so your company doesn’t react like a rat in a test, which is just what a malicious social engineer wants. Realize that these skills are the same whether they are positive or negative; the intent is all that changes. When we perform a social engineer pentest for our clients, we utilize this to show how easy it is to condition people. We then use the results in our training.
Each day we are conditioned by marketers, friends, family, and co-workers – just be aware of how it affects you. Stay safe.
